(Deep, deep thanks to Taylor for reminding me to test this!)

Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.

Resolved Conflicts:
	src/feature/dirparse/parsecommon.c

Private-key validation is fairly expensive for long keys in openssl,
so we need to avoid it sooner.

Fixes bug 32778; bugfix on 0.4.1.1-alpha.

Peter Gerber authored 5 years ago and Peter Gerber committed 5 years ago

Allow calls to dup() which was introduced in commit a22fbab9.

From a security perspective, I don't think this should impact the
security of the sandbox significantly. As far as I can tell, there
is nothing an adversary can do with a duplicated FD that can't be
done with the original.

Peter Gerber authored 5 years ago and Nick Mathewson committed 5 years ago

This fixes a startup crash with libseccomp v2.4.0 if Sandbox is
set to 1.

Merge:
* libzstd-dev from ticket32242_035
* shellcheck from maint-0.4.0

Merge
* Chutney Trusty deletion in bug32240_029
* NSS addition in maint-0.3.5

Closes 32240.

We need to set "Sandbox 0", until we fix sandbox errors that are
triggered by Ubuntu Xenial and Bionic. See 32722.

Part of 32240.

"ours" to avoid version bump.